4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
11/11/2023, 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe
Size

86KB
MD5

dced222b67095f250f7dcf30f764d474
SHA1

35fe92130a58fa324e2aba06037686023fffe976
SHA256

4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1
SHA512

872ddbb28c7ef50730657f89750c304c326e98781766299459793a702af609f032662d94118660a75dc28958a816cc375d7d5405c9facd7c1bb2b8bd4893c5e5
SSDEEP

1536:cMfgLdQAQfcfymN+Rgg2VkS9fukSaErDY1TpRPj+PxI:cMftffjmN319xG/YTRPOxI

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3044	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2616	Logo1_.exe
2532	4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe

Loads dropped DLL 1 IoCs

pid	Process
3044	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\FAX\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d11\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\kinit.exe	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\oc\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\bin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Hearts\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\wmlaunch.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\defaults\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe
File created	C:\Windows\Logo1_.exe	4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2616	Logo1_.exe
2616	Logo1_.exe
2616	Logo1_.exe
2616	Logo1_.exe
2616	Logo1_.exe
2616	Logo1_.exe
2616	Logo1_.exe
2616	Logo1_.exe
2616	Logo1_.exe
2616	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 3044	1856	4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe	28
PID 1856 wrote to memory of 3044	1856	4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe	28
PID 1856 wrote to memory of 3044	1856	4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe	28
PID 1856 wrote to memory of 3044	1856	4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe	28
PID 1856 wrote to memory of 2616	1856	4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe	29
PID 1856 wrote to memory of 2616	1856	4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe	29
PID 1856 wrote to memory of 2616	1856	4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe	29
PID 1856 wrote to memory of 2616	1856	4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe	29
PID 2616 wrote to memory of 2776	2616	Logo1_.exe	31
PID 2616 wrote to memory of 2776	2616	Logo1_.exe	31
PID 2616 wrote to memory of 2776	2616	Logo1_.exe	31
PID 2616 wrote to memory of 2776	2616	Logo1_.exe	31
PID 2776 wrote to memory of 2512	2776	net.exe	33
PID 2776 wrote to memory of 2512	2776	net.exe	33
PID 2776 wrote to memory of 2512	2776	net.exe	33
PID 2776 wrote to memory of 2512	2776	net.exe	33
PID 3044 wrote to memory of 2532	3044	cmd.exe	34
PID 3044 wrote to memory of 2532	3044	cmd.exe	34
PID 3044 wrote to memory of 2532	3044	cmd.exe	34
PID 3044 wrote to memory of 2532	3044	cmd.exe	34
PID 2616 wrote to memory of 1276	2616	Logo1_.exe	18
PID 2616 wrote to memory of 1276	2616	Logo1_.exe	18

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1276
- C:\Users\Admin\AppData\Local\Temp\4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe
  "C:\Users\Admin\AppData\Local\Temp\4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1856
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3F80.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe
      "C:\Users\Admin\AppData\Local\Temp\4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe"
      4⤵
      Executes dropped EXE
      PID:2532
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2776
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
9a77c06c3deda85017d76e0931e5df72

SHA1
f71d8d065c61287fd579f3d2a0af12c0a2730a69

SHA256
111400fbaa05b63d2839be7549b95b73e196af315087fc35cb5c30dc0d0ca266

SHA512
77a50ad74438c5c99ff0502a0c0a709a4b85b42f30f75ec7566bcf81a7ecb7e4a620c69c651a892516c4866a19ce4b2c310addfcbba3f0f9bdec19cf828e397c

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
0f72a6e8750ea6e1cd0ed4994d2cf99d

SHA1
7c401c8b70a17e039f6a27e4067d2cab52029234

SHA256
da1cf6b49885d6c3313e3b3301e2df8399d3855d1ea6606a7cb1b376e4c0645c

SHA512
a301d119dc0a8fdd4fc8788d3de471f6e44837030d62440e6d0f314f369def18d6999437aced29c4992443c061e11cd3b680fcf7ec10b79d1acf54693f30744e

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a3F80.bat

Filesize
722B

MD5
93dc7ee41dc6b21fafb7792abbc4fed3

SHA1
61f545b49ec3d5045f893b162202af7e44b84cdb

SHA256
5eec395e90e7e1a9ab00eeaffedaefd78df42acd9271f00aa3ec2aed2d9362c6

SHA512
c96e6493382bc4505a4cd14e9a5015879f77d2e8570e38fc1db45884ee3df2b07eeb2d16e7251b54b44272d6c6882bdb9fd911da561dfec97b6a69e97c47700f

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a3F80.bat

Filesize
722B

MD5
93dc7ee41dc6b21fafb7792abbc4fed3

SHA1
61f545b49ec3d5045f893b162202af7e44b84cdb

SHA256
5eec395e90e7e1a9ab00eeaffedaefd78df42acd9271f00aa3ec2aed2d9362c6

SHA512
c96e6493382bc4505a4cd14e9a5015879f77d2e8570e38fc1db45884ee3df2b07eeb2d16e7251b54b44272d6c6882bdb9fd911da561dfec97b6a69e97c47700f

Download Submit
C:\Users\Admin\AppData\Local\Temp\4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe

Filesize
60KB

MD5
ccb852904a2216c1d110d475009c5182

SHA1
2319964fea08b7ff95e14aeb6614ebf25a18796c

SHA256
6e16f4691a0c3250c8fcce465827c4996611229c2e74abc40c280afc1582831c

SHA512
ab946559c55cc3f90046cc85b02635cd7c3aa9fa137d905c8c621a0697f3f37774e45ff440430107245c5e3bebe167511d9156adb6ae538f87a00d8c8631cb1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe.exe

Filesize
60KB

MD5
ccb852904a2216c1d110d475009c5182

SHA1
2319964fea08b7ff95e14aeb6614ebf25a18796c

SHA256
6e16f4691a0c3250c8fcce465827c4996611229c2e74abc40c280afc1582831c

SHA512
ab946559c55cc3f90046cc85b02635cd7c3aa9fa137d905c8c621a0697f3f37774e45ff440430107245c5e3bebe167511d9156adb6ae538f87a00d8c8631cb1f

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
8a4489d73e1b8863df81ab298116b9e7

SHA1
420e27433a94aa75f5b37f7395d3dc67adf88591

SHA256
92dd20179d09a6e58d7ad5f27080e275b9fa3e9922168e9f1710e2d711eaa3cc

SHA512
5ef22e387cc71bc74043e25cd61fdfc641a44053c07a9023fe4fa57b7c5a8c4cfaae418f70b7f554263e618c5b6867a9c6abc959d31a4f76091b79c5b0e56ebf

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
8a4489d73e1b8863df81ab298116b9e7

SHA1
420e27433a94aa75f5b37f7395d3dc67adf88591

SHA256
92dd20179d09a6e58d7ad5f27080e275b9fa3e9922168e9f1710e2d711eaa3cc

SHA512
5ef22e387cc71bc74043e25cd61fdfc641a44053c07a9023fe4fa57b7c5a8c4cfaae418f70b7f554263e618c5b6867a9c6abc959d31a4f76091b79c5b0e56ebf

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
8a4489d73e1b8863df81ab298116b9e7

SHA1
420e27433a94aa75f5b37f7395d3dc67adf88591

SHA256
92dd20179d09a6e58d7ad5f27080e275b9fa3e9922168e9f1710e2d711eaa3cc

SHA512
5ef22e387cc71bc74043e25cd61fdfc641a44053c07a9023fe4fa57b7c5a8c4cfaae418f70b7f554263e618c5b6867a9c6abc959d31a4f76091b79c5b0e56ebf

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
8a4489d73e1b8863df81ab298116b9e7

SHA1
420e27433a94aa75f5b37f7395d3dc67adf88591

SHA256
92dd20179d09a6e58d7ad5f27080e275b9fa3e9922168e9f1710e2d711eaa3cc

SHA512
5ef22e387cc71bc74043e25cd61fdfc641a44053c07a9023fe4fa57b7c5a8c4cfaae418f70b7f554263e618c5b6867a9c6abc959d31a4f76091b79c5b0e56ebf

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3618187007-3650799920-3290345941-1000\_desktop.ini

Filesize
10B

MD5
f51c3552f0c301ae8d98c7fba5088597

SHA1
b74920b9332b7ddc34e3d793215d6d402dfa265e

SHA256
d9d5ad4ac9b545fe611f501ffb102acad318e4d1e5648061eda6ff03ffc3e3a1

SHA512
281662d4c7abe512da2489431bb4ad36d979fd441654ec1212af9274dc7b0ea666111c52f1ee842adde37cbb51a8fe095091b52ad824cfdf4516f2f08232eb81

Download Submit
\Users\Admin\AppData\Local\Temp\4f0fa6207ce60dc0e8492b78ed4a7d1783335a7923a277bcceb529f1e99b4eb1.exe

Filesize
60KB

MD5
ccb852904a2216c1d110d475009c5182

SHA1
2319964fea08b7ff95e14aeb6614ebf25a18796c

SHA256
6e16f4691a0c3250c8fcce465827c4996611229c2e74abc40c280afc1582831c

SHA512
ab946559c55cc3f90046cc85b02635cd7c3aa9fa137d905c8c621a0697f3f37774e45ff440430107245c5e3bebe167511d9156adb6ae538f87a00d8c8631cb1f

Download Submit
memory/1276-29-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/1856-12-0x00000000002D0000-0x0000000000304000-memory.dmp

Filesize
208KB

Download
memory/1856-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1856-16-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2616-38-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2616-44-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2616-90-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2616-96-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2616-195-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2616-1849-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2616-21-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2616-3309-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2616-31-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download